Criminal negligence: The sorry state of US law enforcement data sharing

US Border Patrol agents intercept a man trying to enter the US illegally from Mexico. Unaware that he is wanted by the FBI for three murders, they return him to Mexico. The man returns to the US and murders several more people before being caught.

A team of investigators works for 20 years to bring down an international drug-trafficking organization. Had they known about related information in other law enforcement databases scattered across the US, the case might have been closed in three.

True stories like these have highlighted the critical need to improve information sharing among law enforcement organizations, but it wasn't until the 9/11 attacks, the subsequent 9/11 Commission Report and a presidential mandate that better information sharing became a top priority.

The initiatives that arose from that mandate are finally beginning to open up stovepiped data repositories by transforming how law enforcement agencies at the federal, state and local levels capture, store and share data.

The biggest changes have come in two areas: how law enforcement identifies bad guys, and how investigators gain access to incident reports documented by more than 20 federal agencies and 20,000 state, county, local and tribal law enforcement organizations nationwide. "You'll be able to search data that you never had access to before," says Tom Bush, assistant director in the FBI's Criminal Justice Information Services (CJIS) division.

Most of the improvements in data sharing flow from the development of the Global Justice XML Data Model, a standard that provides a common vocabulary and structure for the exchange of data among law enforcement databases. Initiated by the US Department of Justice, GJXDM was released in 2003. "By 2004, there were projects all across the country using it," says Paul Wormeli, executive director of the Integrated Justice Information System Institute, a public-private partnership that helped develop the standard.

In 2005, CIOs at the DOJ and the US Department of Homeland Security agreed to build the National Information Exchange Model (NIEM), an extension of GJXDM that facilitates data sharing beyond law enforcement to the areas of justice, public safety, intelligence, homeland security, and emergency and disaster management. Work is also beginning on direct computer-to-computer data exchanges using Web services. "This field is waking up to service-oriented architectures," says Wormeli, noting that some reference architectures are already in place.

These standards are designed to solve the problem of proprietary and incompatible law enforcement record management systems without requiring every organization to throw out what they have and start over. "The beauty of NIEM is that it preserves the legacy systems. We're building middleware," says Wormeli.

Most of the identity databases at the federal level aren't yet NIEM-compliant, but agencies are planning upgrades to those systems and have already taken steps to facilitate data sharing. Although federal agencies use many databases for law enforcement, the three primary identity databases are the FBI's Integrated Automated Fingerprint ID System (IAFIS); the DHS's IDENT fingerprint database of 90 million foreign nationals, gathered from visa applications and used at all points of entry; and the US Department of Defense's Automated Biometric Identification System (ABIS), currently used to monitor foreign nationals entering and leaving US military bases in Iraq and Afghanistan.

IDENT, IAFIS and ABIS are all capable of some data exchanges by way of GJXDM today, but each is being reworked to natively support the NIEM standard and allow data exchanges with databases in fields outside of law enforcement, such as emergency management. IDENT is in the process of being updated, and contracts to develop the next generations of IAFIS and ABIS, which will add facial and iris image-recognition capabilities, were awarded in February.

Copyright 2018 IDG Communications. ABN 14 001 592 650. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited.